Packet Sniffer

I am looking to monitor my home network traffic because I suspect the one PC in the house is a bot. Does anybody have a suggestion as to software which I can use on my Mac to see all traffic, wireless and wired?

I used Ethereal at work a while back and it is a great network sniffer. Wireshark is its successor and there is a Mac OS X port here:




More information on Wireshark can be found at www.wireshark.org


EDIT: If you have X11 installed (it's an optional install which can be found on your OS X install disk), this version might be more "user-friendly", i.e. easier to install: http://mac.softpedia.com/get/Network-Admin/WireShark.shtml

Edited by TDamon

Boy do I!


It's a bit complicated, but this app is a standard and a must for all packet sniffing. The app is called Ethereal and I love it. Here's how you go about getting it up and running on a Mac (the easiest way I know of).


The first thing (which I almost forgot to mention) is that you need to have X11 installed, which requires OSX 10.3.9 or later. You can either download it from the link I posted, or it should also be on your Tiger DVD if you have OSX 10.4.x.


Now go get and install Fink. This app will allow you to install various ported Unix type stuff. It is very much like the DarwinPorts project, but it's the one I use and am familiar with, so I'm going to use it in my little tutorial.


Fink is a command line utility, but it comes with an app called Fink Commander which is the GUI front end. Once you've got Fink installed, fire up Fink Commander and search for "ethereal". Ethereal should be on the list; I just ran a quick search and it was the middle of three, so unless things change, it shouldn't be hard to find.


Now you have two options: you can either install the binary or install from source. I suggest binary since there is both an Intel and PPC binary, and compiling from source takes longer. To do this, click the icon in the toolbar all the way at the top left, right under the red close window widget. If you hover your mouse there will be a tool tip that says "install binary package(s)". You can also hit apple-option-i when it is selected, or select "Install" from the binary menu. Follow prompts and probably enter your password at least once, and wait for Ethereal to be installed.


Now you have a very powerful packet sniffer installed on your computer. But how to launch it? Luckily someone has come up with a very Mac solution to that. Download AquaEthereal. Now simply double click on the AquaEthereal app, enter your password and get going. This app can be a bit confusing but it's the best, it's open source and it's free.


Good luck in your packet sniffing! :P


I use this app but do not know much more than just basic operations, so I'm sorry I cannot provide a tutorial on how to use Ethereal. :(

Thanks a lot for that installation tutorial. It will work on Mac OS X 10.3.9 as well.


Some observations:

  • AquaEthereal is only a launcher, not the application itself (which is Ethereal)
  • Ethereal is dog slow, so be patient when it launches
  • you can run Ethereal only as an administrator, because it asks you only for a password, and not a user name
  • Ethereal seems to be revamped into Wireshark; perhaps you can find some guidance on wireshark.org

Wireshark, eh? I'm going to have to take a closer look at that. Thanks a lot. I love karma, I try to help someone, and I end up getting help myself.
